<?php
require_once 'C:\xampp\htdocs\GreenwichFreecycle\include\mysql.inc.php';
//included in greenFreeDb.php
require_once 'C:\xampp\htdocs\GreenwichFreecycle\include\greenFreeDb.php';
require_once 'C:\xampp\htdocs\GreenwichFreecycle\include\utility.php';
require_once 'C:\xampp\htdocs\GreenwichFreecycle\include\emailMessages.php';

//below has been moved to link in inclue folder and replaced with said link
//using require_once
//
//define('URLFORM', 'https://localhost/GreenwichFreecycle/create_account.php');
//define('URLLIST', 'https://localhost/GreenwichFreecycle/verification_form.php');
//define('URLACTIVATE', 'https://localhost/GreenwichFreecycle/accountActivation.php');
require_once 'C:\xampp\htdocs\GreenwichFreecycle\include\links.php';

$referer = $_SERVER['HTTP_REFERER'];

// if rererrer is not the form redirect the browser to the form
if ( $referer != URLFORM && $referer != URLLIST) {
   header('Location: ' . URLFORM);
}

// function to clean up any magic quotes
// replaced with a function in seperate file
// 
//function stripslashes_array($data) {
//    if (is_array($data)){
//        foreach ($data as $key => $value){
//            $data[$key] = stripslashes_array($value);
//        }
//        return $data;
//    }else{
//        return stripslashes($data);
//    }
//}
?>

<?php echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/tr/xhtml1/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb">
<head>
<title>Registering GreenwichFreecycle Account</title>
<link href="" rel="stylesheet" type="text/css" />
</head>
<body>

<?php
// blimmin magic quotes should be off
if (get_magic_quotes_gpc()) {
   $_POST = stripslashes_array($_POST);
}
// copy POST input to scalars
extract($_POST);
$strValid  = '';

// the Yes button commits input to the database
if ( isset($_POST['yesButton']) ) {
   if ( !($link=mysql_connect($host, $user, $passwd)) ) {
      echo '<p>Error connecting to database</p>';
   }
   else {
       
      mysql_select_db($dbName);
      $escapeduserName = mysql_real_escape_string($userName);
	  $escapeduserEmail = mysql_real_escape_string($userEmail);
	  $escapeduserPassword =  mysql_real_escape_string($userPassword);
	  $escapeduserPostcode = mysql_real_escape_string($userPostcode);
          $hashEsUserPassword = sha1($escapeduserPassword);
      $query = "INSERT INTO FSuser (username, password, email_address, postcode)" .
               "VALUES ('$escapeduserName', '$hashEsUserPassword', '$escapeduserEmail', '$escapeduserPostcode')";
      if ( !mysql_query($query,$link) ) {
         echo '<p>Insert error</p>';
      } else {
         echo "<p>Thank you for completing the registration form $userName</p>" .
              '<a href="' . URLACTIVATE .'">click to continue...</a>';
        // mailUser($userEmail);

         
      }
      mysql_close($link);     
   }
   exit('</head><body></body></html>');
}




// validate input from the form
if ( !preg_match('/^[a-zA-Z0-9]{3,20}$/',$userName))
   $strValid .= "  Username<br />\n";
if ( !preg_match('/^[a-zA-Z][a-zA-Z0-9]{1,3}[0-9][a-zA-z][a-zA-z]$/',$userPostcode) ) 
   $strValid .= "  uk postcode<br />\n";
if ( !preg_match('/^([\w\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/',$userEmail) )
   $strValid .= "  Email<br />\n";
if ( !preg_match('/^[a-zA-Z0-9]{8,20}$/',$userPassword) || !preg_match('/[A-Z]/', $userPassword) 
       || !preg_match('/[a-z]/', $userPassword) 
       || !preg_match('/[0-9]/', $userPassword))//net tuts : Vasili
   $strValid .= "  password<br />\n";
if (userNameAlreadyAssignDb($userName))
    $strValid .= " user name already assign please choose another<br />\n";

// use hidden fields to pass state back to the input form (No/Back button)
$changeUrl = URLFORM;//URLFORM;
if(!$strValid){$changeUrl = URLLIST;}
echo '<form action="' . $changeUrl . '" method="post"><p>' . "\n" .
     '<input type="hidden" name="userName" value="' . $userName . '" />' . "\n" .
     '<input type="hidden" name="userPassword" value="' . $userPassword . '" />' . "\n" .
     '<input type="hidden" name="userEmail" value="' . $userEmail . '" />' . "\n" .
     '<input type="hidden" name="userPostcode" value="' . $userPostcode . '" />' . "\n" ;

// report input data back to the user
echo '<h2>Information received from you</h2><p>' .
      "\n User name: $userName<br />" .
      "\n Email: $userEmail<br />" .
      "\n Postcode: $userPostcode<br />" .
        "\n Password: $userPassword </p>";

// if there are validation failures
// report them to the user an offer a 'Back' button
if ( $strValid ) {
?>

<p>The following details have not been entered correctly:<br /><br />
<?php echo $strValid ?>
<br /><br />Please go back and make corrections<br /><br />
<input type="submit" value="Back"/></p>
    
 

<?php
} else {
// otherwise ask for input confirmation
    
?>

<p>Please confirm that the above details are correct<br />
<input type="submit" value="No"/>  
<input type="submit" name="yesButton" value="Yes"/>
</p>

<?php } ?>

</form>
</body>
</html>